MCP Server Registry and Security Scorer

Pricing

Pay per usage

Profile MCP servers from the official registry, enrich package metadata, and score security risk for agent builders.

Developer

George Kioko

Maintained by Community

MCP servers exploded to 22K+. Knowing which are safe to wire into an agent stack is your problem now.

This Actor is a Standby API for builders who need MCP server profiles and deterministic risk scores over HTTP. It reads the official Model Context Protocol registry, enriches each server with npm and GitHub metadata when available, then returns a normalized profile or a security scan result that can be stored in Apify datasets.

Use it when a directory UI is not enough. Agent platforms, enterprise AI governance teams, dev tool teams, and marketplaces can call this Actor from admission pipelines, allowlist builders, dashboard jobs, or security feeds.

Quick start

Look up one server profile:

$ curl "https://george-the-developer--mcp-server-registry-scorer.apify.actor/server?name=io.github.Digital-Defiance/mcp-filesystem"

Run a security scan:

$ curl "https://george-the-developer--mcp-server-registry-scorer.apify.actor/scan?name=io.github.Digital-Defiance/mcp-filesystem"

For high-volume bulk scans, add include_github=false to avoid unauthenticated GitHub rate limits, or set GITHUB_TOKEN on the Actor for higher limits.

Endpoints

Method  Path                                                     Purpose
GET     /                                                        Service info
GET     /health                                                  Health status
GET     /server?name=<server_id>                                 One enriched MCP server profile
GET     /list?limit=<N>&offset=<N>&sort=<popular|recent|name>    Registry page with enrichment
GET     /scan?name=<server_id>                                   One risk scan with profile
POST    /scan/bulk                                               Scan up to 50 servers with { "servers": [...] }

Profile schema

Each profile row is pushed to the default Apify dataset and returned by the API.

{
  "server_id": "io.github.Digital-Defiance/mcp-filesystem",
  "name": "@ai-capabilities-suite/mcp-filesystem",
  "description": "Advanced filesystem operations with strict security boundaries for AI agents",
  "transport": "stdio",
  "repository_url": "https://github.com/Digital-Defiance/ai-capabilities-suite",
  "homepage_url": "https://github.com/Digital-Defiance/mcp-filesystem",
  "registry_source": "modelcontextprotocol",
  "registry_url": "https://registry.modelcontextprotocol.io/servers/io.github.Digital-Defiance%2Fmcp-filesystem",
  "version": "0.1.9",
  "license": "MIT",
  "language": "typescript",
  "github_stars": 3,
  "github_open_issues": 3,
  "github_last_commit": "2026-04-08T18:05:37.000Z",
  "github_archived": false,
  "npm_weekly_downloads": 85,
  "npm_first_published": "2025-12-09T05:50:22.757Z",
  "tools_count": null,
  "resources_count": null,
  "prompts_count": null,
  "fetched_at": "2026-05-11T14:46:54.158Z"
}

Scan schema

Scans add deterministic risk scoring. No LLM calls are used.

{
  "server_id": "io.github.Digital-Defiance/mcp-filesystem",
  "scanned_at": "2026-05-11T14:46:54.161Z",
  "risk_score": 5,
  "risk_band": "low",
  "signals": {
    "no_repository_link": false,
    "github_archived": false,
    "stale_no_commit_90d": false,
    "unknown_publisher": false,
    "no_license": false,
    "permissive_capabilities": false,
    "tool_count_anomaly": false,
    "registered_but_unbuilt": false,
    "single_maintainer_npm": true,
    "advisory_match": false
  },
  "explanation": "Risk is low because this server has single npm maintainer. Review the linked package and repository metadata before adding it to a production agent allowlist."
}

Architecture

flowchart LR
A[Input server name or list page] --> B[Fetcher selection]
B --> C[Official MCP registry]
B --> D[npm metadata and downloads]
B --> E[GitHub repository API]
C --> F[Normalize profile]
D --> F
E --> F
F --> G[Risk scoring]
G --> H[HTTP response]
F --> I[Apify dataset]
G --> I

Pricing

Event            Price     When charged
Actor start      $0.50     One paid Standby request or batch run
Server profile   $0.025    Each enriched MCP server profile returned
Security scan    $0.15     Each MCP server scanned for risk signals

Charges run only after real work succeeds. Health checks, readiness probes, and known test payloads return mock data without pay-per-event (PPE) charges.

Positioning

Glama is useful when a person wants a browsable MCP directory. Smithery is useful when teams want registry and install workflows. This Actor is the API layer for builders who want server profiles plus risk scores via HTTP, not a directory UI.

It fits production pipelines where you need a JSON answer that can be logged, diffed, joined with internal policy, or used to reject a server before it reaches an agent runtime.

Use cases

  1. Agent platform admission control: scan MCP submissions before listing them.
  2. Enterprise AI governance allowlists: keep an approved server list with evidence fields.
  3. Dev tool risk dashboards: rank MCP dependencies by metadata risk.
  4. MCP server marketplaces: add server trust labels to listings.
  5. Security researcher feeds: monitor new registry entries with missing source, stale repos, or advisories.
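
One way to consume a scan result in an admission pipeline, as an added example (not the Actor's own code): it fails closed on incomplete scans and applies a local policy on top of the signals. The `admit` and `sample` functions, the `HARD_FAIL` set and the `max_score` threshold are assumptions; only the field and signal names come from the scan schema above.

```python
# Signal names as listed in the scan schema on this page.
KNOWN_SIGNALS = {
    "no_repository_link", "github_archived", "stale_no_commit_90d",
    "unknown_publisher", "no_license", "permissive_capabilities",
    "tool_count_anomaly", "registered_but_unbuilt",
    "single_maintainer_npm", "advisory_match",
}
# Assumption: which signals block outright is local policy, not the Actor's.
HARD_FAIL = {"advisory_match", "github_archived", "no_repository_link",
             "registered_but_unbuilt"}


def admit(scan, max_score=20):
    """Return (decision, reasons); decision is 'allow', 'review' or 'deny'.

    max_score is a hypothetical local threshold, not a value from the page.
    """
    signals = scan.get("signals")
    score = scan.get("risk_score")
    # Fail closed: a partial or malformed scan is never treated as clean.
    if (not isinstance(signals, dict) or isinstance(score, bool)
            or not isinstance(score, (int, float))):
        return "deny", ["malformed_scan"]
    # A signal that is absent or not a real boolean counts as unknown.
    bad = sorted(k for k in KNOWN_SIGNALS if not isinstance(signals.get(k), bool))
    if bad:
        return "deny", ["bad_signal:" + k for k in bad]
    fired = sorted(k for k in KNOWN_SIGNALS if signals[k])
    blocking = [k for k in fired if k in HARD_FAIL]
    if blocking:
        return "deny", blocking
    band = scan.get("risk_band")
    if band != "low" or score > max_score:
        return "review", fired + [f"risk_score={score}", f"risk_band={band}"]
    return "allow", fired  # soft signals are kept as evidence for the allowlist


def sample(**overrides):
    """Constructed scan result in the page's shape; all signals False by default."""
    signals = dict.fromkeys(KNOWN_SIGNALS, False)
    signals.update(overrides)
    return {"server_id": "example/constructed-server", "risk_score": 5,
            "risk_band": "low", "signals": signals}


if __name__ == "__main__":
    for scan in (sample(single_maintainer_npm=True), sample(advisory_match=True)):
        print(scan["server_id"], *admit(scan))
```

Store the returned reasons next to the allowlist entry so a later rescan can be diffed against the evidence that justified the original decision.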

GitHub rate limits

Unauthenticated GitHub API calls are limited. This Actor uses in-memory caching for the Standby container lifetime and supports include_github=false for bulk operations. For better enrichment on bulk scans, set GITHUB_TOKEN as an Actor environment variable.

FAQ

Which registries are covered?
V1 uses the official MCP registry as the primary source. It can enrich packages that appear in registry metadata and package names that resolve on npm.

How is the risk score calculated?
The rubric is deterministic. Missing repository link, archived repo, stale commits, missing license, unusual tool count, single npm maintainer, unbuilt registry entry, unknown publisher, and advisory match add weighted points.

What does a high score mean?
It means the public metadata has risk signals that deserve review. It is not a malware verdict.

Can I avoid GitHub rate limits?
Yes. Use include_github=false for bulk calls, or set GITHUB_TOKEN on the Actor.

Do you refund health checks or failed probes?
Health checks and test payloads are short-circuited and are not billed. Failed real work is not charged by the Actor code.

How do I contact the maintainer?
Open the Actor issue tab on Apify or contact George Kioko at george.the.developer on Apify.